diff --git a/src/server/middleware.go b/src/server/middleware.go
index dda7342..e162872 100644
--- a/src/server/middleware.go
+++ b/src/server/middleware.go
@@ -17,11 +17,6 @@ type authMiddleware struct {
 }
 
 func (m *authMiddleware) handler(c *router.Context) {
-	basepath := m.basepath
-	if basepath == "" {
-		basepath = "/"
-	}
-
 	if strings.HasPrefix(c.Req.URL.Path, m.public) {
 		c.Next()
 		return
@@ -31,7 +26,7 @@ func (m *authMiddleware) handler(c *router.Context) {
 		return
 	}
 
-	if c.Req.URL.Path != basepath {
+	if c.Req.URL.Path != m.basepath {
 		// TODO: check ajax
 		c.Out.WriteHeader(http.StatusForbidden)
 		return
diff --git a/src/server/routes.go b/src/server/routes.go
index c53f668..47dce41 100644
--- a/src/server/routes.go
+++ b/src/server/routes.go
@@ -23,7 +23,7 @@ func (s *Server) handler() http.Handler {
 		a := &authMiddleware{
 			username: s.Username,
 			password: s.Password,
-			basepath: BasePath,
+			basepath: BasePath + "/",
 			public: BasePath + "/static",
 		}
 		r.Use(a.handler)